Rainer, On 10/23/2011 12:19 PM, rj...@apache.org wrote: > +static const char *find_path_in_uri(const char *uri, const char *path) > +{ > + size_t len = strlen(path); > + while (uri = strchr(uri, '/')) { > + uri++; > + if (!strncmp(uri, path, len) && > + (*(uri + len) == '/' || > + strlen(uri) == len)) { > + return uri; > + } > + }
Also, 'len' is never updated in the loop, so the call to strncmp could potentially cause a SIGSEGV -- but only in the cases where something truly nefarious is going on, anyway. -chris
signature.asc
Description: OpenPGP digital signature